gcleaner | 9f81b0dad3656a63aaeeba4b098390b50d7163f6c5ace889c4c25beae9946b93 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

0bae28922a...5b.exe

windows7-x64

0bae28922a...5b.exe

windows10-2004-x64

Sharing

General

Target

0bae28922ad0fc2e5d92b6bf45fd23efb20c2639fafef7bcb0e12b642e2a9f5b.zip
Size

205KB
Sample

230311-s784zsac32
MD5

fceb9b7f9843ae522ff8157146472a89
SHA1

e5ba023a162bec11b43f45e18afe4cad312196d6
SHA256

9f81b0dad3656a63aaeeba4b098390b50d7163f6c5ace889c4c25beae9946b93
SHA512

6bccce2015576ec67624039158f10ab180d74a7ea3c2293f0a9020c1558295c41029480b61027fa3766c4e774589da5728089a517e92ed4f7df5f5b9cf8bf62c
SSDEEP

3072:27S+SFqN5wafDfnCGyV8LSO8n9Z3LxEBzGELbabAGG9Zi9WRXbwHdPCI:27xAqXfCGy+GZ31+zGELbkG9JOPv

Score

10^/10

gcleaner loader

Static task

static1

Behavioral task

behavioral1

Sample

0bae28922ad0fc2e5d92b6bf45fd23efb20c2639fafef7bcb0e12b642e2a9f5b.exe

Resource

win7-20230220-en

gcleaner loader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0bae28922ad0fc2e5d92b6bf45fd23efb20c2639fafef7bcb0e12b642e2a9f5b.exe

Resource

win10v2004-20230221-en

gcleaner loader

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  0bae28922ad0fc2e5d92b6bf45fd23efb20c2639fafef7bcb0e12b642e2a9f5b.exe
- Size
  
  274KB
- MD5
  
  fc9d6c44a166ea2f7f93de619b904481
- SHA1
  
  e47a116cf55e7f3dbb141f0dc4b6c75875fec38a
- SHA256
  
  0bae28922ad0fc2e5d92b6bf45fd23efb20c2639fafef7bcb0e12b642e2a9f5b
- SHA512
  
  4a60cc0a48f6ec442e6244d9b1a488b6644e250f726631dab286470eee80ccc5f86296abcbacdda233d4f7dbc24973fd8e1476ad302dba21c2302bc9c8a72cf2
- SSDEEP
  
  6144:QgnrhUFa2TGI5Z6p+F8duWDHoGjiXECnrSenXJ0v:Qgnr/2TGI5Z6pjEWSBneen5u
Score

10^/10

gcleaner loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.